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~ The MAILING DA TE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). tn no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

• If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

• If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

• Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1)S Responsive to communication(s) filed on 17 December 2001 . 
2a)D This action is FINAL. 2b)M This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
Disposition of Claims 

4) ^ Claim(s) 1-20 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) [3 Claim(s) 1-20 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 185(a). 

1 1) D The proposed drawing correction filed on is: a)D approved b)D disapproved by the Examiner. 

If approved, corrected drawings are required in reply to this Office action. 

12) D The oath or declaration is objected to by the Examiner. 
Priority under 35 U.S.C. §§119 and 120 

13) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 

a)DAII b)D Some*c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

14) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 1 19(e) (to a provisional application). 

a) □ The translation of the foreign language provisional application has been received. 

15) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121 . 

Attachment(s) 

1 ) H Notice of References Cited (PTO-892) 4) □ Interview Summary (PTCM1 3) Paper No(s). . 

2) □ Notice of Drafts person's Patent Drawing Review (PTO-948) 5) □ Notice of Informal Patent Application (PTO-152) 

3) |3 Information Disclosure Statement(s) (PTO-1449) Paper No(s) 6.7.8 . 6) □ Other: 
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DETAILED ACTION 



Drawings 



1 . The drawings are objected to as failing to comply with 37 CFR 1 .84(p)(4) because 
reference character "22" has been used to designate three different BRs in figure 3. A proposed 
drawing correction or corrected drawings are required in reply to the Office action to avoid 
abandonment of the application. The objection to the drawings will not be held in abeyance. 



2. The following is a quotation of 35 U.S.C 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

3. Claims 1-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over Gleeson in 
view of Lewis et al (US 4,924,500). 

As per claim 1, Gleeson discloses a virtual private network system (i.e. virtual private 
networks running across IP backbones, see page 1, abstract) that resists denial of 
service attacks (i.e. support for quality of service guarantees, see page 2, paragraph C) 
comprises: 

a) one egress boundary router (i.e. ISP edge node, see figure 7.1) having connections 
to an access link (i.e. stub link, see figure 7.1), wherein the egress boundary router 



Claim Rejections - 35 USC § 103 
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transmit intra- VPN traffic and extra- VPN traffic from source within the VPN (i.e. IP 
tunnel). 

b) two ingress boundary router (i.e. ISP edge node, see figure 7.1) coupled to the 
egress boundary router for communication utilizing a network based VPN protocol. 

Gleeson does not disclose expressly disclose the network system comprising a 
Differentiated Services network and separate the intra- VPN traffic and extra- VPN (i.e. 
public VPN) traffic such that denial of service attacks on said access link originating 
from sources outside the VPN can be presented. 

Lewis discloses a network system comprising two communication paths, signal 
link and public network (i.e. Differentiated Service Network, see figure 1) which is used 
to coupling node A (i.e. an egress boundary router) and node B (i.e. an ingress boundary 
router). The CINS request message (i.e. intra- VPN traffic) is sent from the original node- 
A 10 to the terminating node-B 1 1 . The intra-network call (i.e. extra-VPN traffic) can be 
established through a public network [see column 2 line 4 - column 3 line 63 and figure 



It would have been obvious to a person of ordinary skill in the art at the time of 
the invention was made to employ the public network path and protocol within the 
system of Gleeson to separate the intra-VPN traffic and extra- VPN. 

The suggestion/motivation for doing so would have been used to separate the 
logical access path between intra-VPN traffic and extra- VPN so that the denial of service 
attacks can be prevented. 



!]■ 
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As per claim 3, Gleeson discloses the VPN network further comprising a plurality of 
customer premises equipment (CPE) edge routers each coupled to a respective one of 
plurality of ingress boundary routers [see page 13 paragraph 7. 1 .5]. 

As per claims 4, 5, Gleeson discloses the VPN network further comprising the access 
network (i.e. VPLS, see page 12 paragraph 7.0). Gleeson discloses the VPN network 
further comprising a plurality of customer premises equipment (CPE) edge routers to the 
access link (i.e. stub link, see figure 7.1). 

As per claims 6, 7, Gleeson et al disclose a CPE based virtual private routed network 
(VPRN). One of the CPE routers is multi-homed to the ISP network. The stub links 
may be active, or so shown, there may be one primary and one or more backup links 
(i.e. plurality of tunnel), see page 6 paragraph 1-4). Lewis discloses the nodes in a 
private network become overloaded with intra-network calls, such calls will be re- 
routed from the private network to an available public network (i.e. partition the intra- 
VPN and extra- VPN traffic, see column 2 lines 4-25). 

As per claim 8, Gleeson et al disclose that by modeling a VPN tunnel as just another 
type of link layer, many of the existing mechanisms developed for ensuring Quality of 
Service (QoS) over physical links can also be applied [see page 5 paragraph 4]. 

As per claims 9, 10, Gleeson discloses a virtual private networks (VPN) comprises: 
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a) an access network [see figure 7.1] having an access line to a destination host (i.e. 
CPE, 10.1.1.2, see figure 7.1) support a first logical connection (i.e. IP tunnel, see 
figure 7. 1) for intra- VPN traffic; 

b) one egress boundary router (i.e. ISP edge node, see figure 7. 1) having connections 
to an access link (i.e. stub link, see figure 7.1), wherein the egress boundary router 
transmit intra- VPN traffic and extra- VPN traffic from source within the VPN (i.e. IP 
tunnel). 

c) two ingress boundary router (i.e. ISP edge node, see figure 7. 1) coupled to the 
egress boundary router for communication utilizing a network based VPN protocol such 
that resists denial of service attacks (i.e. support for quality of service guarantees, see 
page 2, paragraph C) on said access link originating from source (i.e. CPE 10.1.1.1, 
see figure 7.1) outside the VPN can be prevented. 

Gleeson does not disclose expressly disclose the network system comprising a 
Differentiated Services network and separate the intra- VPN traffic and extra- VPN (i.e. 
public VPN) traffic such that denial of service attacks on said access link originating 
from sources outside the VPN can be presented. 

Lewis discloses a network system comprising two communication paths, signal 
link and public network (i.e. Differentiated Service Network, see figure 1) which is used 
to coupling node A (i.e. an egress boundary router) and node B (i.e. an ingress boundary 
router). The CINS request message (i.e. intra-VPN traffic) is sent from the original node- 
A 10 to the terminating node-B 11. The intra-network call (i.e. extra- VPN traffic) can be 
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established through a public network [see column 2 line 4 - column 3 line 63 and figure 



It would have been obvious to a person of ordinary skill in the art at the time of 
the invention was made to employ the public network path and protocol within the 
system of Gleeson to separate the intra-VPN traffic and extra- VPN. 

The suggestion/motivation for doing so would have been used to separate the 
logical access path between intra-VPN traffic and extra- VPN so that the denial of service 
attacks can be prevented. 

As per claim 1 1, Gleeson discloses the VPN network further comprising a plurality of 
customer premises equipment (CPE) edge routers each coupled to a respective one of 
plurality of ingress boundary routers [see page 13 paragraph 7.1.5]. 

As per claims 12,13, Gleeson discloses the VPN network further comprising the access 
network (i.e. VPLS, see page 12 paragraph 7.0). Gleeson discloses the VPN network 
further comprising a plurality of customer premises equipment (CPE) edge routers to the 
access link (i.e. stub link, see figure 7. 1). 

As per claims 14,15, Gleeson et al disclose a CPE based virtual private routed network 
(VPRN). One of the CPE routers is multi-homed to the ISP network. The stub links 
may be active, or so shown, there may be one primary and one or more backup links 
(i.e. plurality of tunnel), see page 6 paragraph 1-4). Lewis discloses the nodes in a 



1]. 
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private network become overloaded with intra-network calls, such calls will be re- 
routed from the private network to an available public network (i.e. partition the intra- 
VPN and extra- VPN traffic, see column 2 lines 4-25). 

As per claims 16-20, the claimed steps correspond to the functions of the elements of 
the claims 1,2,6-8, which has been rejected above, and thus rejected with the same 
reason applied thereto. 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Chi-Chung E Lee whose telephone number is 703-306-4153. 
The examiner can normally be reached on 8 am - 5 pm, Mon. - Fri.. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R Sheikh can be reached on 703-305-9648. The fax phone number for the 
organization where this application or proceeding is assigned is (703) 872-9306. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is 703-305-3900. 



Conclusion 




Chi-Chung Lee 
09/24/2003 
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SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



